security on the desktop - defense technical information center · security on the desktop fighting...
TRANSCRIPT
![Page 1: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/1.jpg)
Security on the DesktopFighting the Enemy Within
GovTechNet 99-15 June 99
Army Research Laboratory
Adelphi Lab Center (ARL-ALC)
LTC Paul Walczak(301) 394-3862 DSN [email protected]
![Page 2: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/2.jpg)
Form SF298 Citation Data
Report Date("DD MON YYYY") 15061999
Report TypeN/A
Dates Covered (from... to)("DD MON YYYY")
Title and Subtitle Security on the Desktop Fighting the Enemy Within
Contract or Grant Number
Program Element Number
Authors Project Number
Task Number
Work Unit Number
Performing Organization Name(s) and Address(es) Army Research Laboratory Adelphi Lab Center (ARL-ALC)
Performing Organization Number(s)
Sponsoring/Monitoring Agency Name(s) and Address(es) Monitoring Agency Acronym
Monitoring Agency Report Number(s)
Distribution/Availability Statement Approved for public release, distribution unlimited
Supplementary Notes
Abstract
Subject Terms
Document Classification unclassified
Classification of SF298 unclassified
Classification of Abstract unclassified
Limitation of Abstract unlimited
Number of Pages 10
![Page 3: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/3.jpg)
REPORT DOCUMENTATION PAGEForm Approved
OMB No. 074-0188Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering andmaintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503
1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE
6/15/993. REPORT TYPE AND DATES COVERED
Briefing4. TITLE AND SUBTITLE
Security on the Desktop, Fighting the Enemy Within5. FUNDING NUMBERS
6. AUTHOR(S)
LtCol Paul Walczak
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER
IATACInformation Assurance Technology AnalysisCenter3190 Fairview Park DriveFalls Church VA 220429. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING
AGENCY REPORT NUMBER
Defense Technical Information CenterDTIC-IA8725 John J. Kingman Rd, Suite 944Ft. Belvoir, VA 2206011. SUPPLEMENTARY NOTES
12a. DISTRIBUTION / AVAILABILITY STATEMENT
A
12b. DISTRIBUTION CODE
13. ABSTRACT (Maximum 200 Words)
This briefing entitled “Security on the Desktop: Fighting the Enemy Within” was presentedby LTC Paul Walczak, of the Army Research Laboratory to GovTechNet 99 in June 1999. Itexamines the scope of the challenges of securing Army information and information networksand provides some examination of some of the INFOSEC research areas that will tackle thisproblem.
14. SUBJECT TERMS
INFOSEC15. NUMBER OF PAGES
16. PRICE CODE
17. SECURITY CLASSIFICATION OF REPORT
Unclassified
18. SECURITY CLASSIFICATION OF THIS PAGE
UNCLASSIFIED
19. SECURITY CLASSIFICATION OF ABSTRACT
UNCLASSIFIED
20. LIMITATION OF ABSTRACT
None
![Page 4: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/4.jpg)
GovTechNet 99-15 June 99 Slide Courtesy of US Army PEOC3S
![Page 5: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/5.jpg)
GovTechNet 99-15 June 99
U.S. Army Near Term RequirementsFDD Division Chart
MANEUVERMCS (2)FBCB2 (1)M1A2SEP(28)M2/M3A3 (31)LANDWARLRAS3 (45)C2V (21)MFCSBCISFSCSA2C2S (50)AH64-D (29)OH58D (51)AMPS (52)RAH-66
INTELASAS (3)TUAV (49)AQF (48)CGS/GSM (22)GBCS-H (23)IMETS (24)TROJAN (25)MITT/DTES(26)
FIRE SPTAFATDS (4)PALADIN (33)MLRS (38)LLDR (53)STRIKER (35)BFIST (47)CRUSADER
ADAFAADC2 (5)AVENGER (34)STCLINEBACKER (39)SENTINEL (40)*JTIDS (32)
MOB / SURVDTSS (16)
WOLVERINE(46)M93 A1 FOX (37)
GRIZZLYIMFJWARN
LOGISTICSCSSCS (6)*GCSS-A (30)MTS (19)RF TAGS (17)*TMT (41)*FRS-HDVE
C2SINCGARS-SIP (7)EPLRS-VHSIC (8)*NTDR (9)WIN-T (10)ATM/FSENHCLOSSPITFIRE (12)SMART-T (13)GBS (14)ISYSCON (15)*TOCS (11)DMS (20)FDR (34)ACNPCS
Additional Integration RequirementsArchitecture, Security, CTSF, Systems Integration,
Training, & Collaborative Planning tools
XXBased on
00/04Fielding
Send & Receive OrdersSituational Awareness
Common Relevant PictureLogistics Management
Slide Courtesy of US Army CECOM I2WD
![Page 6: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/6.jpg)
U.S. Army Objective RequirementsABCS Systems/Networks Chart
MCS
CSSCS
GCCS-A DTSS
FAAD C2
ASAS
AFATDSFBCB2
IMETS
GCCS-A IneropAIBS-army-96FAISA-army-97IMETS-army-97-98ISYSCON-army-UTARSTAT-army-97-98AMSAA-joint-96APC-joint-96ASAS-joint-97ATCOM-joint-96AWDS-joint-97CASCOM-joint-96CTAPS/TBCMS-joint-97DAMO-ODR-joint-96DES-joint-96DLA/ICIS-joint-96GCCS/GSORTS-joint-98GCCS/GSRDI-joint-98GCCS/JOPES-joint-98IOC-joint-96ISC-P-joint-96JTAV-joint-97LOGSA-joint-96MCS-joint-96PERSCOM-joint-96RAMS-joint-96REQVAL-joint-96SAMAS-joint-96TAV-joint-96
MCS InteropAGCCS-army-96DTSS-army-96LFCS-army-97CTAPS-joint-97JMCIS-joint-98JStarsCGS-joint-98TCO-joint-98AUSTACCS-alliled-98HEROS-allied-96LFCCIS-allied-97QIFS-allied-98SIACCON-allied-98SCIF-allied-96
IMETS InteropGPS-army-MMS-army-UAV-army-JSTARS CGS-joint
CSSCS InteropDAMM-R-army-99ICS3-army-99SAAS/MOD-army-99SAMS/2-army-99SARSS/1-army-97SARSS/2AD-army-98SIDPERS/2.75-army-97SIDPERS-3.army-98SPRS/R-army-97TAMMIS-army-98ULLS/S4-army-98
Legend:example: JMCIS-joint-98
System
Implementation Year (U=Unscheduled)
Interface Level:
AlliedArmyJoint
FBCBS InteropA2C2S-army-99BCIS-army-KIOWA-army-ULVRS-army-UM1A2 SEP-army-M2A3-army-MICAD-NBCRS-armyPaladin-AFCSPLGR-army-97LandWarrior-army
DTSS InteropFAST-joint-JSTARS CGS-joint-MITT-joint-
FAAD C2 InteropLLAPI-allied-95GBS Radar-army-94HIMAD-army-94LSDIS Radar-army-97TIBS-army-UAWACS-joint-93Hawkeye-joint-93
AFATDS InteropATHS-army-97BCS-army-97FBCB2-army-00FDS-army-97Firefinder (q-36)-army-97FIST DMD-army-97FOCC-army-97FOS-army-98IDM-army-99IFSAS-army-97LtacFire-army-97MBC-army-97MDS-army-97MFCS-army-99MMS-army-97UAV/TS/00-army-UAFATDS-joint-99 (MC)CTAPS/TBMCS-joint-98IFSAS-joint-97 (MC)Jstars/CGS-joint-97TacFire-01-joint-U (MC)ADLER-allied-98ATLAS-allied-98BATES-allied-98
ASAS InteropAdv Quickfix-army-UAMS-army-00ARL-army-UATCAE-army-97CTS/CTAPS-army-97DAI-army-97Enhan Trackworl-army-UEPDS-army-97ETRAC-army-UETUT-army-97GBCS-army-UGuardrail-army-97IEWCS-army-UIPF-army-97MIES-army-97MIIT-army-97NGIC-army-UNPIC-army-UNSA-army-07SSP/S-army-97TEAMMATE-army-97TES-army-97THMT-army-97TrafficJam-army97Trailblazer-army-97TRRIP-army-UUAV GCS-army-97UAV MPCS-army-97CARS/TRIGS-joint-97IAC-joint-97JMCIS-joint-97JstarsCGS-joint-97NIPS-joint-97TBCMS-joint-UTCAC-joint-97PASS-K-alllied-URAPIDE-allied-97
Slide Courtesy of US Army CECOM I2WD
![Page 7: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/7.jpg)
GovTechNet 99-15 June 99
Partial View to Problem’s Scale
Army Information Systems 14,544
– Major Systems 1,219
• Mission Critical 638
• Other Major 581
– Other Systems (996 Web sites) 13,325
Information Technology Controlled Devices 444,196– PCs/Servers 365,077
– Facilities & Other 42,048
– Communications Hardware/Software 7,071
Army IS Security Program (total funding) $ 87 million
![Page 8: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/8.jpg)
GovTechNet 99-15 June 99
Classes of Computer Misuse Techniques
![Page 9: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/9.jpg)
GovTechNet 99-15 June 99
Securing Systems at the Desktop
F Insider Misuse
F Development Practice
F Threat is Learning
F Warrior’s “desktop”
F Assurance >>Securing Systems
F Process and Culture
o Holistic interpretation
o Acquisition Strategy
o Education, Training
o Spectrum of Information
o Overarching concept for
INFOSURV
o No silver bullets
![Page 10: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/10.jpg)
GovTechNet 99-15 June 99
Directions for INFOSURV R&D
¶ Robust networking protocols· Requirements metrics
¸ Predictable systems composition¹ Data analysis and correlation
º Dynamic system (re) configuration» Dynamic adaptability
¼ Architectures½ Mobile code
Ò Components
![Page 11: Security on the Desktop - Defense Technical Information Center · Security on the Desktop Fighting the Enemy Within GovTechNet 99-15 June 99 Army Research Laboratory Adelphi Lab Center](https://reader033.vdocuments.us/reader033/viewer/2022053022/60513090f4455c1c6444b338/html5/thumbnails/11.jpg)
GovTechNet 99-15 June 99
INFOSEC Research Areas1 -Security Engineering Methodologies
2 -Detecting Intrusion and Misuse
3 -Mobile, Foreign Code
4 -Controlled Sharing
5 -Denial of Service
6 -Application Security
7 -Communications Security
8 -Security in Mobile Environments
9 -Security Management Infrastructure